Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade typeorm from 0.2.45 to 0.3.18 #382

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade typeorm from 0.2.45 to 0.3.18 #382

wants to merge 1 commit into from

Conversation

rhicksiii91
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: typeorm The new version differs by 250 commits.
  • b6ef306 updated glob version
  • b5d2599 build(deps-dev): bump the npm_and_yarn group group with 1 update (#10591)
  • 080528b fix: resolve circular dependency when using Vite (#10273)
  • 338df16 feat: add support for table comment in MySQL (#10017)
  • 15bc887 build: update CircleCI config & repair failing tests (#10590)
  • b5ec088 docs: update Chinese faq.md (#10593)
  • a00b1df feat: implement OR operator (#10086)
  • dd59524 fix: prevent using absolute table path in migrations unless required (#10123)
  • 4329996 docs: update Soft-Delete, Restore-Soft-Delete examples (#10585)
  • 7ecc8f3 docs: updated id to _id (#10584)
  • 8b4df5b fix: added fail callback while opening the database in Cordova (#10566)
  • 173910e fix: should automatically cache if alwaysEnable (#10137)
  • 73ee70b fix: correctly keep query.data from ormOption for commit / rollback subscribers (#10151)
  • e67d704 feat: nullable embedded entities (#10289)
  • 5c28154 feat: BeforeQuery and AfterQuery events (#10234)
  • 0f11739 docs: fix typos (#10243)
  • b188c1e chore: initial setup of ESLint (#10203)
  • 25e6ecd fix: nested transactions issues (#10210)
  • 3cda7ec feat: add isolated where statements (#10213)
  • 149226d fix: backport postgres connection error handling to crdb (#10177)
  • 122b683 fix: mssql datasource testonborrow not affecting anything (#10589)
  • dc1bfed fix: resolve issues on upsert (#10588)
  • a939654 fix: remove dynamic require calls (#10196)
  • f6b87e3 perf: improve SapQueryRunner performance (#10198)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
899b222 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rhicksiii91 @snyk-bot